From 5ed0c02e9995a829211be98f56bf4e1044cf5f76 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Fri, 19 Jan 2024 12:51:35 -0500
Subject: [PATCH] nftables: extend notrack rules for ADoT changes

---
 nftables-ns1.conf | 4 ++--
 nftables-ns2.conf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/nftables-ns1.conf b/nftables-ns1.conf
index 9765fde..57d86de 100644
--- a/nftables-ns1.conf
+++ b/nftables-ns1.conf
@@ -8,7 +8,7 @@ table inet filter {
iif lo notrack accept
udp dport 53 notrack accept
- tcp dport {22, 53} notrack accept
+ tcp dport {22, 53, 80, 443, 853} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack accept
}
@@ -17,7 +17,7 @@ table inet filter {
oif lo notrack accept
udp sport 53 notrack accept
- tcp sport {22, 53} notrack accept
+ tcp sport {22, 53, 80, 443, 853} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack accept
}
diff --git a/nftables-ns2.conf b/nftables-ns2.conf
index 470def3..2461577 100644
--- a/nftables-ns2.conf
+++ b/nftables-ns2.conf
@@ -8,7 +8,7 @@ table inet filter {
iif lo notrack accept
udp dport 53 notrack accept
- tcp dport {22, 53} notrack accept
+ tcp dport {22, 53, 80, 443, 853} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack accept
}
@@ -17,7 +17,7 @@ table inet filter {
oif lo notrack accept
udp sport 53 notrack accept
- tcp sport {22, 53} notrack accept
+ tcp sport {22, 53, 80, 443, 853} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack accept
}
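Review bot: Ports 80 and 443 are added to the `tcp dport` notrack accept set in the first hunk of nftables-ns1.conf without the config or the commit subject saying which service needs them, while the subject only accounts for 853 (ADoT); a one-line comment above the rule such as `# 853: DNS-over-TLS (ADoT); 80/443: <service that needs them — confirm>` would record that for the next reader, and the same applies to the other three hunks. The identical port list now appears in four places (input and output chains in both nftables-ns1.conf and nftables-ns2.conf); an nftables `define notrack_tcp_ports = { 22, 53, 80, 443, 853 }` at the top of each file, referenced as `tcp dport $notrack_tcp_ports` and `tcp sport $notrack_tcp_ports`, would keep the dport and sport lists from drifting apart. Since `notrack accept` exempts these flows from conntrack, any `ct state`-based filtering or per-connection limits elsewhere in the ruleset will not apply to connections on the newly added ports, so whether that is acceptable for 80/443 depends on rules outside the hunk. The enclosing chains begin and end outside the hunks.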